Skip to main content

Opensc EUVDEUVD-2025-209124

| CVE-2025-49010 LOW
Stack-based Buffer Overflow (CWE-121)
2026-03-30 GitHub_M
3.8
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
3.8 LOW
AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Red Hat
3.8 LOW
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
0.27.0
EUVD ID Assigned
Mar 30, 2026 - 17:36 euvd
EUVD-2025-209124
Analysis Generated
Mar 30, 2026 - 17:36 vuln.today
CVE Published
Mar 30, 2026 - 16:59 nvd
LOW 3.8

DescriptionGitHub Advisory

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

AnalysisAI

Stack buffer overflow in OpenSC's GET RESPONSE handler prior to version 0.27.0 allows local attackers with physical access to trigger memory corruption via specially crafted smart card or USB device responses to APDUs. The vulnerability requires user interaction and physical proximity, limiting its practical exploitability; however, it could enable local privilege escalation or information disclosure when an authorized user or administrator actively uses a token. No public exploit code or active exploitation has been confirmed.

Technical ContextAI

OpenSC is middleware for smart card and token management on desktop systems. The vulnerability exists in the GET RESPONSE APDU handler, which processes responses from smart cards or USB tokens. When a crafted token returns specially formed APDU responses, a stack buffer overflow (CWE-121) occurs, allowing an attacker to write beyond allocated stack memory boundaries. The attack surface is limited to the APDUs exchanged during token interaction; the attacker must control the physical device or perform a man-in-the-middle attack on the USB/smart card interface. Affected versions are all releases prior to 0.27.0, as identified by the CPE range cpe:2.3:a:opensc:opensc:*:*:*:*:*:*:*:* without upper-bound version.

RemediationAI

Vendor-released patch: OpenSC version 0.27.0 and later. Update from official distribution channels or rebuild from source. For users unable to upgrade immediately, limit physical access to computers during token operations and monitor for suspicious device behavior. Environment controls such as restricting USB device insertion policies and using only trusted, pre-vetted smart cards or tokens can mitigate risk. Refer to the official security advisory at https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4 for detailed remediation guidance.

More in Opensc

View all
CVE-2019-6502 HIGH POC
7.5 Jan 22

sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. Rated

CVE-2018-16393 MEDIUM POC
6.8 Sep 03

Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15

CVE-2018-16392 MEDIUM POC
6.8 Sep 03

Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC

CVE-2018-16391 MEDIUM POC
6.8 Sep 03

Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in O

CVE-2018-16425 MEDIUM POC
6.6 Sep 04

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenS

CVE-2018-16424 MEDIUM POC
6.6 Sep 04

A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-r

CVE-2018-16423 MEDIUM POC
6.6 Sep 04

A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0

CVE-2018-16422 MEDIUM POC
6.6 Sep 04

A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs1

CVE-2018-16421 MEDIUM POC
6.6 Sep 04

Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c

CVE-2018-16420 MEDIUM POC
6.6 Sep 04

Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003

CVE-2018-16419 MEDIUM POC
6.6 Sep 04

Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in

CVE-2018-16418 MEDIUM POC
6.6 Sep 04

A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 coul

Vendor StatusVendor

Share

EUVD-2025-209124 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy